Phone · Text · Email
Practical, do-it-together steps to help an older parent stay safe across the three ways scams most often arrive, not by wrapping them in cotton wool, but by setting them up to handle it themselves.
Last reviewed June 2026
The best time to deal with a scam is before one ever lands. A few simple habits and settings, put in place calmly while nothing is going wrong, will turn aside the great majority of phone, text and email scams, and they take an afternoon at most.
The reassuring part is that most scams follow a similar pattern.
Everything that follows is really just that one habit, applied to each of the three channels.
The calls to watch for tend to come in a few shapes: someone claiming to be from the bank, warning that the account has been compromised and that the money must be moved to a "safe account"; a threatening message about unpaid tax or an arrest warrant; a caller saying there's a virus on the computer who wants to be let in to fix it; and, increasingly, a panicked call from a "son," "daughter" or "grandchild" in sudden trouble who needs money straight away.
Three things are worth knowing, and worth saying to your parent plainly:
The protections are simple. Don't give out details or codes to anyone who has called you. If a call rattles them, hang up and ring the organisation back on a number they already have, or 159 for the bank. Let calls from unknown numbers go to voicemail. A call-blocking handset, and registering the number with the Telephone Preference Service, will cut down the nuisance calls that scams tend to hide among. And never let a caller talk them into installing an app or granting access to a computer or phone, however helpful the caller sounds, that hands over the keys to everything.
Free, and it takes two minutes
For the "relative in trouble" call, which AI voice-cloning has made genuinely convincing, the best defence costs nothing. Agree a family safe word, a daft, private word a real relative would know and a fake voice wouldn't, so a frightening "it's me, I've lost my phone, I need money now" can be settled in seconds.
Scam texts usually carry a link and a small dose of urgency: a parcel "held" pending a tiny fee, the bank flagging "unusual activity," a tempting tax refund to claim, or a warning that an account is about to be closed. The link leads to a convincing copy of the real website, built to capture card details or logins.
A few facts settle most of them:
The rule for texts is therefore short: don't tap the link. If your parent is expecting a parcel or wants to check something, they go to the company's own app or website themselves. They never enter card or login details from a link in a text. Anything suspicious can be forwarded, free, to 7726, which helps the networks block the sender, and then deleted. It's also worth switching on the phone's built-in filtering for junk and unknown-sender messages, which quietly catches a good deal before it's ever seen.
Email scams lean on the same tricks, with more room to look official: a refund or a threat, a fake login page for the bank or the email provider, an "account locked" warning, or an attachment dressed up as an invoice. The sender's address can be faked to look entirely genuine.
The habit is the same one. Don't click links or open unexpected attachments. To check whether something is real, go to the organisation directly, by typing the address in or using a saved bookmark or the app, and log in there, never through the email. The old visual giveaways are getting rarer, so the email is best judged by what it's asking for rather than how polished it looks. HMRC never emails about tax refunds or asks for payment details, and a bank will never email asking anyone to log in or "verify" an account through a link. Suspicious emails can be forwarded to report@phishing.gov.uk, the National Cyber Security Centre's reporting service.
The master key
The email account itself deserves the strongest protection of all, because whoever controls it can reset the passwords to almost everything else. Help your parent set a strong, unique password and switch on two-step verification (sometimes called two-factor, or 2FA), which asks for a second check whenever anyone tries to log in from somewhere new. While you're at it, a password manager makes it easy to give every account a different password without anyone having to remember them all.
A handful of things are worth putting in place, and an afternoon together covers most of them: agree the safe word, save 159 in both your phones, switch on the phone's message filtering and two-step verification on the email, and take a look at Friends Against Scams, a free National Trading Standards scheme that runs short, practical awareness sessions.
For the times you can't be there.
A tool like Dear Enid can help. Its "Is this safe?" check lets someone paste in a text, a link, or a photo of something that looks off and get a plain-English read, so they can sense-check it on the spot.
Try Enid's "Is this safe?" check free →None of it takes long, and you don't need to get every setting perfect. The habit is what does most of the work: treat anything unexpected that tries to hurry you with suspicion, never act on the contact details it gives you, and check it by going to the company yourself or dialling 159. Get that one reflex in place and you've turned aside the great majority of scams that arrive by phone, text or email.
This article is general information, not personal financial or legal advice. Specific figures, fees and rules change over time, so confirm anything that matters with the organisation directly using the contacts above. Last reviewed June 2026. Worried it's already happening? Read our guide → Or see the latest UK scams and how to spot them.
